﻿// Copyright (c) Brock Allen & Dominick Baier. All rights reserved.
// Licensed under the Apache License, Version 2.0. See LICENSE in the project root for license information.


using IdentityModel;
using IdentityServer4;
using IdentityServer4.Models;
using System.Collections.Generic;

namespace IdentityServer
{
    public static class Config
    {
        public static IEnumerable<IdentityResource> IdentityResources =>
            new IdentityResource[]
            {
                new IdentityResources.OpenId(),
                new IdentityResources.Profile(),
                new IdentityResource("role", new string[]{JwtClaimTypes.Role }),
                new IdentityResource("permission",new string[]{ "permission" })
            };

        public static IEnumerable<ApiScope> ApiScopes =>
            new ApiScope[]
            { 
                new ApiScope("api")
            };

        public static IEnumerable<Client> Clients =>
            new Client[]
            {
                new Client
                {
                    //唯一id，用来区分不同的Client
                    ClientId = "blazorwasm",
                    //使用的授权方式
                    AllowedGrantTypes = GrantTypes.Code,
                    //这里设置为不需要安全码，当然也可以指定安全码
                    RequireClientSecret = false,
                    //Blazor运行时的URL
                    AllowedCorsOrigins =     { "https://localhost:5000" },
                    //登录成功之后将要跳转的Blazor的URL
                    RedirectUris = { "https://localhost:5000/authentication/login-callback" },
                    //登出之后将要跳转的Blazor的URL
                    PostLogoutRedirectUris = { "https://localhost:5000/" },
                    //允许的Scope，openid包含用户id，profile包含用户基本资料，api为自定义的scope，也可以为其他名字
                    AllowedScopes = { "openid", "profile", "role","permission",  "api" },
                },
                new Client
                {
                    //唯一id，用来区分不同的Client
                    ClientId = "blazorserver",
                    //使用的授权方式
                    AllowedGrantTypes = GrantTypes.Code,
                    //这里设置安全码，当然也可以不指定
                    ClientSecrets = { new Secret("secret".Sha256()) },
                    //Blazor运行时的URL
                    AllowedCorsOrigins =     { "https://localhost:5005" },
                    //登录成功之后将要跳转的Blazor的URL
                    RedirectUris = { "https://localhost:5005/signin-oidc" },
                    //登出之后将要跳转的Blazor的URL
                    PostLogoutRedirectUris = { "https://localhost:5005/signout-callback-oidc" },
                    //允许的Scope，openid包含用户id，profile包含用户基本资料
                    AllowedScopes = { "openid", "profile", "role","permission"},
                }
            };
    }
}